MA: Services Config View - Indicators of Compromise Tab

Document created by RSA Information Design and Development on Mar 23, 2017. Last modified by RSA Information Design and Development on Apr 7, 2017.
Version 4


This topic introduces the features and functions available in the Service Config view > Indicators of Compromise tab, which applies to the Malware Analysis service. On this tab you configure how each of the four scoring modules uses the available rules to score data: which rules are enabled, which are treated as high confidence, and how much each contributes to an event's score.

This is an example of the Indicators of Compromise tab.

Features

The Indicators of Compromise tab consists of a toolbar and a pageable grid.

This table describes the features of the toolbar.

Feature                  Description
Module selection list    Selects the scoring module whose Indicators of Compromise you want to view: All, Network, Static, Community, Sandbox, or Yara.
Search field             Type the text you are searching for in the Description field.
Search option            Filters the grid to display only rows whose Description matches the search term.
Enable All option        Click to enable all rules for the selected scoring module, not just the rules on the current page that you selected with the checkbox.
Enable option            Click to enable the selected rules.
Disable All option       Click to disable all rules for the selected scoring module, not just the rules on the current page that you selected with the checkbox.
Disable option           Click to disable the selected rules.
Reset All option         Click to reset all rows on the page to their default values.
Reset option             Click to reset the selected rows to their default values.
Save option              Click to save the changes you made on this page. If you leave the page without saving, the changes are lost. The Description of each row with unsaved changes is marked with a red corner.

This table describes the columns of the grid.

Column                    Description
Selection checkbox        Selects individual rows, or all rows on the current page.
Enabled checkbox          If checked, Security Analytics Malware Analysis uses the rule when scoring session data; if cleared, the rule is not used for scoring.
High Confidence checkbox  If checked, Security Analytics Malware Analysis treats the rule as one very likely to indicate the presence of malware, and any event that triggers the rule is marked in the results grid.
Description               Describes the Indicator of Compromise.
Score                     The score that is factored into the total score of any event that triggers the rule. The default score is displayed; raise or lower it by dragging the slider or typing a number in the score box.
File Type                 The file types to which the rule applies: ALL, PDF, MS Office, or Windows PE.
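To make the gating that these columns describe concrete, the following Python model is an added example for this page and is not RSA Security Analytics code. It treats Enabled, File Type, Score and High Confidence as documented in the table above. Because the page does not state how Malware Analysis combines the scores of the rules an event triggers, the model assumes that contributing scores are summed and the total is capped at 100; that arithmetic, the helper names (score_event, set_enabled, set_score, reset_score) and the rule descriptions and scores are all constructed for illustration.

```python
"""Model of how the Indicators of Compromise settings gate an event's score.

Added example for this page; it is not RSA Security Analytics code. The page
documents what the Enabled, High Confidence, Score and File Type columns mean,
but not how Malware Analysis combines the scores of triggered rules. This model
ASSUMES the contributing scores are summed and the total is capped at 100. The
rule descriptions and scores are constructed sample data.
"""
from dataclasses import dataclass, replace
from typing import Iterable, List, NamedTuple, Optional

MAX_SCORE = 100  # assumption: a total is capped at 100


@dataclass
class Indicator:
    module: str             # Network, Static, Community, Sandbox or Yara
    description: str
    default_score: int      # the value the Reset option restores
    score: Optional[int] = None
    enabled: bool = True
    high_confidence: bool = False
    file_type: str = "ALL"  # ALL, PDF, MS Office or Windows PE

    def __post_init__(self) -> None:
        if self.score is None:
            self.score = self.default_score


class Verdict(NamedTuple):
    total: int
    contributing: List[str]   # descriptions of the rules that counted
    high_confidence: bool     # True if any contributing rule is High Confidence


def applies(rule: Indicator, file_type: str) -> bool:
    """File Type column: ALL matches every file, otherwise an exact match."""
    return rule.file_type == "ALL" or rule.file_type == file_type


def score_event(rules: Iterable[Indicator], file_type: str,
                triggered: Iterable[str]) -> Verdict:
    """Score one event. A rule contributes only if it is enabled, applies to
    the event's file type and actually fired on the event."""
    fired = set(triggered)
    contributing = [r for r in rules
                    if r.enabled and applies(r, file_type) and r.description in fired]
    total = min(MAX_SCORE, sum(r.score for r in contributing))
    return Verdict(total, [r.description for r in contributing],
                   any(r.high_confidence for r in contributing))


def find(rules: Iterable[Indicator], description: str) -> Indicator:
    return next(r for r in rules if r.description == description)


def set_enabled(rules, description, enabled: bool) -> None:
    """The Enable / Disable options applied to a selected row."""
    find(rules, description).enabled = enabled


def set_score(rules, description, score: int) -> None:
    """Dragging the Score slider or typing a number in the score box."""
    find(rules, description).score = score


def reset_score(rules, description) -> None:
    """The Reset option: restore the row's default score."""
    rule = find(rules, description)
    rule.score = rule.default_score


# Constructed sample rule set (not the product's built-in indicators).
RULES = [
    Indicator("Static", "PDF contains embedded JavaScript", 40, file_type="PDF"),
    Indicator("Static", "Windows PE lacks a version resource", 20, file_type="Windows PE"),
    Indicator("Community", "File hash reported by community feed", 60, high_confidence=True),
    Indicator("Sandbox", "Sample writes an autorun registry key", 50, high_confidence=True),
    Indicator("Network", "Executable content fetched over HTTP", 10),
]


def demo():
    """Walk one PDF event through four configuration states of the tab."""
    rules = [replace(r) for r in RULES]  # private copy, so RULES stays at defaults
    fired = {"PDF contains embedded JavaScript", "File hash reported by community feed",
             "Windows PE lacks a version resource", "Executable content fetched over HTTP"}
    # 40 + 60 + 10 = 110, capped at 100; the Windows PE rule does not apply to a PDF.
    before = score_event(rules, "PDF", fired)
    # Disable the community rule: 40 + 10 = 50 and no High Confidence rule remains.
    set_enabled(rules, "File hash reported by community feed", False)
    after = score_event(rules, "PDF", fired)
    # Lower the JavaScript rule's score: 15 + 10 = 25.
    set_score(rules, "PDF contains embedded JavaScript", 15)
    tuned = score_event(rules, "PDF", fired)
    # Reset restores the default 40: 40 + 10 = 50 again.
    reset_score(rules, "PDF contains embedded JavaScript")
    restored = score_event(rules, "PDF", fired)
    return before, after, tuned, restored


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The walkthrough in demo() shows the two effects a practitioner should expect when tuning this tab: disabling a rule removes both its score and its High Confidence mark from every event it would have fired on, while lowering a score changes only that rule's contribution. A rule whose File Type does not match the event never contributes, however it is configured.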